Besides the much discussed Safe Harbor ruling, earlier this month the CJEU issued another landmark decision concerning data protection which may significantly impact companies operating in multiple EU Member States, in particular online and consumer-facing businesses. The CJEU held that a foreign company operating a service in the native language of an EU Member State and having a single representative in that Member State carries out a ‘real and effective activity’ in that EU Member State and can thus be held accountable by the Member State’s Data Protection Authority, despite not being headquartered in the country. This decision effectively disregards the rule of one-stop-shop on which most multinationals and internet businesses in Europe rely. Read details.